Status: Fixed
Closed: Jul 2014
OS: All
Pri: 1
Type: Bug-Security
Use-of-uninitialized-value in v8::internal::Factory::NewNumber
Project Member Reported by clusterf...@chromium.org, Jun 30 2014
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6150179231105024

Fuzzer: Inferno_twister
Job Type: Linux_msan_chrome

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  - crash stack -
  v8::internal::Factory::NewNumber
  v8::internal::Runtime_NumberSub
  v8::internal::Simulator::DoRuntimeCall
  

Minimized Testcase (26.55 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95zhO9ecNddpFnIc8v-gue9NLaGjdrOIUjZfZYBRxwuawTwMIYmykBWiyYfycMyj-0WQnhCyYudMCFingV0Ne_vr8CWchFJl5MMoFe5S3ypihouSyn1N88OR21gXsArxQlMsLny79KQXRe8m1f0DZ5uJFnnlaFZSYIpjsItLMnTwY2xdtE
Filer: inferno@chromium.org
 
Cc: danno@chromium.org jkummerow@chromium.org
Labels: Security_Impact-Stable Security_Impact-Beta
Owner: yangguo@chromium.org
Status: Assigned
Project Member Comment 2 by clusterf...@chromium.org, Jul 1 2014
Labels: Pri-1
Project Member Comment 3 by clusterf...@chromium.org, Jul 2 2014
ClusterFuzz has detected this issue as fixed in range 280825:280995.

Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=280825:280995

Minimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94aNx6suHzxth17phkj7NtwOkzVbGkNjVmW9JF3xexGsXpwEnQsMbiXvAOvPr4bU3osNvG4KPhyfFVqL1t1gvA-FzRnCAQr8leYxUEBL2vNpHOZphlqOM--rYruSCG6HqafvG1RNyi2UfsIB_9fiKtC_N_Vj7O1HP_mHpd020xFR7HL13U

If you suspect that the result above is incorrect, try re-doing that job on the testcase report page.

Status: Fixed
Yup. Can't reproduce this any longer.
Project Member Comment 5 by clusterf...@chromium.org, Jul 7 2014
Labels: -Restrict-View-SecurityTeam Merge-Triage M-37 M-36 Restrict-View-SecurityNotify
Adding Merge-Triage label for tracking purposes.

Once your fix has had sufficient bake time (on canary, dev as appropriate), please nominate your fix for merge by adding the Merge-Requested label.

When your merge is approved by the release manager, please start merging with higher milestone label first. Make sure to re-request merge for every milestone in the label list. You can get branch information on omahaproxy.appspot.com.

- Your friendly ClusterFuzz
Cc: infe...@chromium.org
Labels: -Merge-Triage -M-37 -M-36 Merge-NA Release-0-M38 M-38
Updating labels - MSAN bugs are rolling in off trunk.

Project Member Comment 7 by clusterf...@chromium.org, Oct 14 2014
Labels: -Restrict-View-SecurityNotify
Bulk update: removing view restriction from closed bugs.
Project Member Comment 8 by clusterf...@chromium.org, Feb 2 2016
Labels: -Security_Impact-Beta
Project Member Comment 9 by sheriffbot@chromium.org, Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member Comment 10 by sheriffbot@chromium.org, Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic